Exemplo n.º 1
0
        public ActionResult Create(DX_FILES dx_files)
        {
            long newFileId = -1;
            try
            {
                if (Request.Files[0].InputStream.Length != 0)
                {
                    if (Request.Files[0].InputStream.Length < MAX_FILE_SIZE)
                    {
                        HttpPostedFileBase file = Request.Files[0];
                        System.IO.Stream stream = file.InputStream;
                        byte[] fileData = new byte[stream.Length];
                        stream.Read(fileData, 0, fileData.Length);

                        string userid = SessionKeyMgmt.UserId;

                        //Setting properties of the file object

                        string description = Request.Params.Get("description");
                        if (description.Length != 0 || description.Length > 75)
                        {
                            dx_files.ownerid = userid;
                            dx_files.isarchived = false;
                            dx_files.islocked = false;

                            // Get the filename and its extension
                            string filetype = System.IO.Path.GetExtension(file.FileName);
                            string filename = System.IO.Path.GetFileName(file.FileName);

                            dx_files.type = filetype;
                            dx_files.filename = filename;

                            if (supportedFileTypes.Contains(filetype))
                            {
                                // Find if there are any files with the same filename
                                var existingFiles = from filesTable in db.DX_FILES
                                                    where filesTable.ownerid == userid && filesTable.filename == filename
                                                    select filesTable;

                                // If there already existed a document by this name
                                // increment the verison number
                                if (existingFiles.Count() != 0)
                                {
                                    DX_FILES existingFile = existingFiles.First();
                                    if (existingFile.isarchived == true)
                                    {
                                        ModelState.AddModelError("", "A file with the same name exists in your archived docs. Cannot upload");
                                        return View();
                                    }
                                    else
                                    {
                                        ModelState.AddModelError("", "A file with same name exists in My Docs. Please update the corresponding file");
                                        return View();
                                    }
                                }
                                else
                                {
                                    // Creating a new file
                                    dx_files.latestversion = 1;
                                    dx_files.creationdate = System.DateTime.Now;

                                    DX_USER user = db.DX_USER.Single(d => d.userid == userid);
                                    string accesslevel = user.accesslevel;

                                    if(accesslevel !="employee" && accesslevel!="manager" && accesslevel!="vp" && accesslevel!="ceo")
                                    {
                                        ModelState.AddModelError("", "You are not authorized to upload a file");
                                        return View();
                                    }

                                    //Based on the role, the file should be shared with managers
                                    // Create a new file version object
                                    DX_FILEVERSION fileversion = new DX_FILEVERSION();
                                    fileversion.isencrypted = false;

                                    // Encrypt the file data if requested
                                    string encrypted = Request.Params.Get("encrypted");
                                    if (encrypted == "true")
                                    {
                                        // Read the encrytion key
                                        if (Request.Files[1].InputStream.Length != 0)
                                        {
                                            HttpPostedFileBase keyFile = Request.Files[1];
                                            System.IO.Stream keyStream = keyFile.InputStream;
                                            byte[] keyData = new byte[keyStream.Length];
                                            keyStream.Read(keyData, 0, (int)keyStream.Length);
                                            fileversion.isencrypted = true;

                                            RijndaelManaged Crypto = new RijndaelManaged();
                                            Crypto.BlockSize = 128;
                                            Crypto.KeySize = 256;
                                            Crypto.Mode = CipherMode.CBC;
                                            Crypto.Padding = PaddingMode.PKCS7;
                                            Crypto.Key = keyData;

                                            // Convert the ivString to a byte array
                                            byte[] ivArray = new byte[16];
                                            System.Buffer.BlockCopy(ivStringConstant.ToCharArray(), 0,
                                                ivArray, 0, ivArray.Length);
                                            Crypto.IV = ivArray;

                                            ICryptoTransform Encryptor = Crypto.CreateEncryptor(Crypto.Key, Crypto.IV);
                                            byte[] cipherText = Encryptor.TransformFinalBlock(fileData, 0, fileData.Length);

                                            // Copy the encrypted data to the file data buffer
                                            Array.Clear(fileData, 0, fileData.Length);
                                            Array.Resize(ref fileData, cipherText.Length);
                                            Array.Copy(cipherText, fileData, cipherText.Length);
                                        }
                                        else
                                        {
                                            ModelState.AddModelError("", "Please enter a valid keyfile");
                                            return View();
                                        }
                                    }

                                    var allFiles = from fileversions in db.DX_FILEVERSION
                                                   select fileversions;
                                    double totalSize;
                                    if (allFiles.Count() != 0)
                                    {
                                        totalSize = allFiles.Sum(w => w.size);
                                    }
                                    else
                                        totalSize=0;
                                    totalSize /= (1024 * 1024);

                                    long maxSize = long.Parse(System.Configuration.ConfigurationManager.AppSettings["filestreamMaxSize"]);

                                    if ((totalSize + (fileData.Length / (1024 * 1024)) > maxSize))
                                    {
                                        ModelState.AddModelError("", "Disk space exceeded. Please contact admin");
                                        return View();
                                    }

                                    // Save changes for the DX_FILES object so the new fileid is
                                    // auto generated.
                                    db.DX_FILES.AddObject(dx_files);
                                    db.SaveChanges();

                                    newFileId = dx_files.fileid;

                                    fileversion.versionnumber = (int)dx_files.latestversion;
                                    fileversion.updatedate = System.DateTime.Now;
                                    fileversion.description = description;
                                    fileversion.updatedby = userid;

                                    // Add information about the file version to database
                                    fileversion.filedata = fileData;
                                    fileversion.size = fileData.Length;

                                    fileversion.fileid = dx_files.fileid;
                                    fileversion.versionid = Guid.NewGuid();

                                    db.DX_FILEVERSION.AddObject(fileversion);

                                    //Share with the owner
                                    DX_PRIVILEGE empPriv = new DX_PRIVILEGE();

                                    empPriv.userid = userid;
                                    empPriv.read = true;
                                    empPriv.update = true;
                                    empPriv.reason = "owner";
                                    empPriv.check = true;
                                    empPriv.delete = true;

                                    empPriv.fileid = dx_files.fileid;
                                    db.DX_PRIVILEGE.AddObject(empPriv);

                                    if (accesslevel == "employee")
                                    {
                                        //Getting the dept id of employee
                                        DX_USERDEPT userdept = db.DX_USERDEPT.Single(d => d.userid == userid);
                                        int deptid = userdept.deptid;

                                        //Getting the user id of manager
                                        var managers = from usersTable in db.DX_USER
                                                       join userdepts in db.DX_USERDEPT on usersTable.userid equals userdepts.userid
                                                       where usersTable.accesslevel == "manager" && userdepts.deptid == deptid
                                                       select usersTable;
                                        if (managers.Count() != 0)
                                        {
                                            DX_PRIVILEGE mgrPriv = new DX_PRIVILEGE();
                                            foreach (DX_USER managerUser in managers)
                                            {
                                                //Providing manager the respective rights
                                                string managerId = managerUser.userid;

                                                mgrPriv.userid = managerId;
                                                mgrPriv.read = true;
                                                mgrPriv.check = true;
                                                mgrPriv.update = true;
                                                mgrPriv.reason = "inherit";
                                                mgrPriv.delete = true;
                                                mgrPriv.fileid = dx_files.fileid;
                                                db.DX_PRIVILEGE.AddObject(mgrPriv);
                                            }
                                        }

                                    }
                                    if (accesslevel == "manager" || accesslevel == "employee")
                                    {
                                        //Getting the dept id of employee
                                        DX_USERDEPT userdept = db.DX_USERDEPT.Single(d => d.userid == userid);
                                        int deptid = userdept.deptid;

                                        var vp = from usersTable in db.DX_USER
                                                 join userdepts in db.DX_USERDEPT on usersTable.userid equals userdepts.userid
                                                 where usersTable.accesslevel == "vp" && userdepts.deptid == deptid
                                                 select usersTable;
                                        if (vp.Count() != 0)
                                        {
                                            foreach (DX_USER vpUser in vp)
                                            {
                                                DX_PRIVILEGE vpPriv = new DX_PRIVILEGE();
                                                string vpId = vpUser.userid;

                                                vpPriv.userid = vpId;
                                                vpPriv.read = true;
                                                vpPriv.check = true;
                                                vpPriv.update = true;
                                                vpPriv.reason = "inherit";
                                                vpPriv.delete = true;
                                                vpPriv.fileid = dx_files.fileid;
                                                db.DX_PRIVILEGE.AddObject(vpPriv);
                                            }
                                        }

                                    }
                                    if (accesslevel == "vp" || accesslevel == "manager" || accesslevel == "employee")
                                    {
                                        var ceo = from usersTable in db.DX_USER
                                                  where usersTable.accesslevel == "ceo"
                                                  select usersTable;
                                        if (ceo.Count() != 0)
                                        {
                                            foreach (DX_USER ceoUser in ceo)
                                            {
                                                DX_PRIVILEGE ceoPriv = new DX_PRIVILEGE();
                                                string ceoId = ceoUser.userid;

                                                ceoPriv.userid = ceoId;
                                                ceoPriv.read = true;
                                                ceoPriv.check = true;
                                                ceoPriv.update = true;
                                                ceoPriv.reason = "inherit";
                                                ceoPriv.delete = true;
                                                ceoPriv.fileid = dx_files.fileid;
                                                db.DX_PRIVILEGE.AddObject(ceoPriv);
                                            }
                                        }

                                    }

                                    db.SaveChanges();

                                    // Show the document list
                                    return RedirectToAction("ListDocuments");
                                }
                            }
                            else
                            {
                                ModelState.AddModelError("","Invalid file type. Accepted file types are PDF, Word, Excel, PowerPoint, Text and Image Files");
                            }
                        }
                        else
                        {
                            ModelState.AddModelError("","Please enter a valid description");
                        }
                    }
                    else
                    {
                        ModelState.AddModelError("", "File size exceeded 5 MB Limit");
                        return View();
                    }
                }
                else
                {
                    ModelState.AddModelError("","Please select the file to be uploaded");
                }
            }
            catch (Exception)
            {
                ModelState.AddModelError("","Error uploading the document ");
                // Check if a document information has been uploaded to DX_FILES
                // and delete it
                if (newFileId != -1)
                {
                    db.DX_FILES.DeleteObject(dx_files);
                    db.SaveChanges();
                }
            }
            return View();
        }
Exemplo n.º 2
0
        public ActionResult ShareFiles(ShareDocuments files)
        {
            if (files != null && files.shareWithUsers != null)
            {
                files.Files = SessionKeyMgmt.SharedFiles;

                try
                {
                    List<Int64> fileIdList = new List<Int64>();
                    foreach (DX_FILES file in files.Files)
                    {
                        fileIdList.Add(Convert.ToInt64(file.fileid));
                    }
                    foreach (string user in files.shareWithUsers)
                    {
                        foreach (Int64 fileId in fileIdList)
                        {
                            var listofsharedfiles = from privilegetable in db.DX_PRIVILEGE where privilegetable.fileid == fileId && privilegetable.userid == user select privilegetable;

                            if (listofsharedfiles.ToList().Count > 0)
                            {
                                foreach (DX_PRIVILEGE existingfile in listofsharedfiles)
                                {
                                    if (existingfile.reason != "inherit" && existingfile.reason != "owner")
                                    {
                                        existingfile.read = true;
                                        existingfile.delete = false;
                                        existingfile.update = files.update;
                                        existingfile.check = files.check;
                                    }
                                }
                            }
                            else
                            {
                                DX_PRIVILEGE sharedfile = new DX_PRIVILEGE();
                                sharedfile.fileid = fileId;
                                sharedfile.userid = user;
                                sharedfile.read = true;
                                sharedfile.delete = false;
                                sharedfile.update = files.update;
                                sharedfile.check = files.check;
                                sharedfile.reason = "shared";
                                db.DX_PRIVILEGE.AddObject(sharedfile);
                            }
                        }
                    }
                    db.SaveChanges();
                }
                catch
                {
                    ModelState.AddModelError("", "Some Error occured. Try again after sometime!");
                }
                SessionKeyMgmt.SharedFiles = new List<DX_FILES>();
            }
            else
            {
                ModelState.AddModelError("", "Please select users!!");
            }
            return RedirectToAction("ListDocuments");
        }
Exemplo n.º 3
0
 /// <summary>
 /// Deprecated Method for adding a new object to the DX_PRIVILEGE EntitySet. Consider using the .Add method of the associated ObjectSet&lt;T&gt; property instead.
 /// </summary>
 public void AddToDX_PRIVILEGE(DX_PRIVILEGE dX_PRIVILEGE)
 {
     base.AddObject("DX_PRIVILEGE", dX_PRIVILEGE);
 }
Exemplo n.º 4
0
 /// <summary>
 /// Create a new DX_PRIVILEGE object.
 /// </summary>
 /// <param name="privilegeid">Initial value of the privilegeid property.</param>
 /// <param name="fileid">Initial value of the fileid property.</param>
 /// <param name="userid">Initial value of the userid property.</param>
 /// <param name="read">Initial value of the read property.</param>
 /// <param name="delete">Initial value of the delete property.</param>
 /// <param name="update">Initial value of the update property.</param>
 /// <param name="check">Initial value of the check property.</param>
 /// <param name="reason">Initial value of the reason property.</param>
 public static DX_PRIVILEGE CreateDX_PRIVILEGE(global::System.Int64 privilegeid, global::System.Int64 fileid, global::System.String userid, global::System.Boolean read, global::System.Boolean delete, global::System.Boolean update, global::System.Boolean check, global::System.String reason)
 {
     DX_PRIVILEGE dX_PRIVILEGE = new DX_PRIVILEGE();
     dX_PRIVILEGE.privilegeid = privilegeid;
     dX_PRIVILEGE.fileid = fileid;
     dX_PRIVILEGE.userid = userid;
     dX_PRIVILEGE.read = read;
     dX_PRIVILEGE.delete = delete;
     dX_PRIVILEGE.update = update;
     dX_PRIVILEGE.check = check;
     dX_PRIVILEGE.reason = reason;
     return dX_PRIVILEGE;
 }
Exemplo n.º 5
0
        public ActionResult AssignAccessLevel(string id)
        {
            try
            {

                if (id != null)
                {
                    var allusers = from usertabel in database.DX_USER where usertabel.userid == id select usertabel;

                    if (allusers != null && allusers.ToList().Count == 1)
                    {
                        DX_USER user = allusers.ToList().First();

                        switch (user.role)
                        {
                            case "ceo": user.accesslevel = Constants.CEO_USER_ACCESS;
                                break;
                            case "manager": user.accesslevel = Constants.MANAGER_USER_ACCESS;

                                break;
                            case "employee": user.accesslevel = Constants.EMPLOYEE_USER_ACCESS;
                                break;
                            case "vp": user.accesslevel = Constants.VP_USER_ACCESS;
                                break;
                            default:
                                break;
                        }
                        database.ObjectStateManager.ChangeObjectState(user, EntityState.Modified);
                        if (user.accesslevel != Constants.EMPLOYEE_USER_ACCESS) {
                            var userdept = from userdepttable in database.DX_USERDEPT
                                           where userdepttable.userid == id
                                           select userdepttable;
                            if (userdept == null) { throw new Exception("error while retrieving user department"); }
                            List<string> usersList = new List<string>();
                            foreach (DX_USERDEPT dept in userdept) {
                                var deptmembers = from userdepttable in database.DX_USERDEPT
                                                  where userdepttable.deptid == dept.deptid && userdepttable.userid!=id
                                                  select userdepttable;
                                if (deptmembers != null)
                                {

                                    foreach (DX_USERDEPT deptuser in deptmembers)
                                    {
                                        string deptUserid = deptuser.userid;
                                        if (!usersList.Contains(deptUserid))
                                            usersList.Add(deptUserid);
                                        else
                                            continue;
                                        var useraccess = database.DX_USER.SingleOrDefault(x => x.userid == deptuser.userid);
                                        switch (user.accesslevel)
                                        {
                                            case "manager":
                                                {
                                                    if (useraccess.accesslevel.Equals("ceo") || useraccess.accesslevel.Equals("vp"))
                                                    {
                                                        continue;
                                                    }
                                                    break;
                                                }
                                            case "vp":
                                                {
                                                    if (useraccess.accesslevel.Equals("ceo")) { continue; }
                                                    break;
                                                }
                                        }

                                        var employeeFiles = from files in database.DX_FILES
                                                            where files.ownerid == useraccess.userid
                                                            select files;
                                        if (employeeFiles != null)
                                        {
                                            foreach (DX_FILES employeeFile in employeeFiles)
                                            {
                                                var file = from prev in database.DX_PRIVILEGE where prev.userid == id && prev.fileid == employeeFile.fileid select prev;
                                                if (file != null && file.Count() < 1)
                                                {
                                                    DX_PRIVILEGE filePriv = new DX_PRIVILEGE();
                                                    filePriv.fileid = employeeFile.fileid;
                                                    filePriv.userid = id;
                                                    filePriv.read = true;
                                                    filePriv.update = true;
                                                    filePriv.delete = true;
                                                    filePriv.check = true;
                                                    filePriv.reason = "inherit";
                                                    database.DX_PRIVILEGE.AddObject(filePriv);
                                                }
                                            }
                                        }
                                    }
                                }

                            }
                        }

                        int success = database.SaveChanges();
                        if (success > 0)
                        {
                            String message = Environment.NewLine + "Hi " + user.fname + "," + Environment.NewLine
                                + "You request has been approved!" + Environment.NewLine
                                + "You Can now login to your account to access your files" + Environment.NewLine
                                    + "- Docbox Team";
                            try
                            {
                                EmailMessaging.sendMessage(id, message, "Notification");
                            }
                            catch
                            {
                                ModelState.AddModelError("", "User approved, but notification not send");

                                return View("Error");
                            }

                            //FormsAuthentication.SetAuthCookie(id, false);
                        }

                    }
                }
            }
            catch { ModelState.AddModelError("", "Error occured while assigning access level to the user"); }
            return RedirectToAction("Index");
        }